When you’re tasked with choosing the right cybersecurity partner, it can be a challenge to sort out which services make sense for your organization. While managed services are necessary for many smaller and newer companies, it’s easy to get caught up in “acronym soup”: MSSP, MDR, XDR, MXDR. How do you sift through it all?
Are you unsure what your company might need? Are you struggling to distinguish between services from various partners? We’re here to help you understand the differences between MDR and MSSP, and how SolCyber fits into the landscape.
The Basics: What’s the difference between an MDR and an MSSP?
We’ll start by talking about managed detection and response (MDR), which we’ll group with extended detection and response (XDR) and managed extended detection and response (MXDR). All of these services include “detection and response” as part of their main service offering, and they are organized and managed using a modern security operations center (MSOC).
An MDR uses the MSOC to identify and investigate incoming threats and then offers analysis and appropriate responses to security events that require action. This is a more in-depth approach than is usually taken by MSSPs. Regardless of specific differences among providers, MDRs combine a prescribed technology stack (typically an EDR) with human expertise to go beyond simple alerting and also issue some level of response.
Managed security service providers (MSSPs) are generally a higher-level security solution than MDRs, monitoring and alerting organizations to threats, but not handling responses.
Whereas MDRs can serve as an outsourced team that comes in with deeper capabilities and a set technology stack, MSSPs tend to be vendor agnostic, more automated in nature, and only as good as the information they are given. Instead of being all-encompassing, MSSPs are focused on identifying threats as they come in, but not responding to or remediating them.
Even though MDR services may seem like the more appealing option, they’re not without their limitations and drawbacks.
There’s no consistency
While the MDR segment is defined by analysts in a way that can group several similar services together, no two providers offer the exact same capabilities. It’s the organization's job to assess each provider's features to determine which will be the right fit for its needs. This screening is especially important if the customer wants to be sure an MDR can support specific threats or technological advancements.
Lack of consistency makes comparison impossible
Because each vendor characterizes MDR differently, comparing them becomes incredibly difficult, if not nearly impossible, especially if they don’t provide a detailed list of features on their website. If Vendor A provides MDR for $10, and Vendor B provides MDR for $25, how can you tell the difference at a glance?
They don’t enable outcomes
Despite offering a deeper level of support, MDRs don’t enable outcomes. They still just provide a set of capabilities on top of a technology stack. If a vendor doesn’t have email security technology, that service is omitted, regardless of the desired outcome the organization wants from a security solution.
What do you, the customer, really need?
To continue to reduce the likelihood and impact of cyber attacks, customers need to have certain security capabilities, either enabled in-house or through an outside provider. While every vendor’s approach is slightly different, there are standards in place that can help you determine what’s most important for your industry and organizational size.
The National Institute of Standards and Technology (NIST), the Cybersecurity & Infrastructure Security Agency (CISA), and cyber insurance companies are all focused on what capabilities will most significantly reduce cyber risks. As recently outlined by CISA’s cross-sector Cybersecurity Performance Goals (CPGs), companies of all sizes need to be focused on protecting against incoming attacks. Here’s one way to do that.
In the world of insurance, there are two constants: (1) insurers want to limit the probability of a payout, and (2) clients want to limit their expenditure on premiums. Because cyber insurers provide guidelines for what they consider a sound security posture, meeting those expectations can provide a win on both counts.
In other words, if a company applies the protection points outlined below, most cyber insurers would consider it a lower risk for attack and a better candidate for affordable rates. That makes the following capabilities basic standards every company should enable.
- Critical vulnerability patching conducted in a timely manner
- Training for employees on business email compromise (BEC), phishing, and other social engineering attacks
- Endpoint detection and response (EDR) and endpoint protection (EPP) technology
- Protection against admin abuse
- Monitoring and response available 24x7
- Offsite backups
How does SolCyber size up?
Now that you better understand the difference between MDR and MSSP, here’s a comparison table that shows how SolCyber stacks up and how we can help you meet cyber insurance requirements.
Instead of choosing between MDR and MSSP, why not have the best of both worlds?
As you can see from the chart, many of the features required by cyber insurance companies can be limited or optional with both MSSPs and MDRs. While MDRs can include protection technology and deeper levels of endpoint and incident response, these services are not guaranteed. Only a few baseline features are common across all providers.
With SolCyber, organizations can rest easy and enjoy a more comprehensive security solution tied to key cybersecurity requirements. Our protective elements are tailored to today’s modern threats, with endpoint response that helps improve resilience and recovery in case of an incident. We’ll be a true support partner for you, monitoring the essential elements of your environment.
End your search in the acronym soup and work with a partner dedicated to cyber resilience. Talk to us.